
Make LDAP authentication configurable

erikhofer committed Jul 11, 2019
1 parent dcd72bd commit 5d22f145224bfe5991fe6e41f578ea4b8bed8dae
@@ -25,7 +25,7 @@
/nbdist/
/.nb-gradle/

src/main/resources/application-dev.properties
src/main/resources/application-dev.*
src/main/resources/git.properties
.asscache
.vagrant
@@ -2,31 +2,38 @@ package de.code_freak.codefreak.auth

import de.code_freak.codefreak.entity.User
import de.code_freak.codefreak.repository.UserRepository
import org.slf4j.LoggerFactory
import org.springframework.ldap.core.DirContextAdapter
import org.springframework.ldap.core.DirContextOperations
import org.springframework.security.core.GrantedAuthority
import org.springframework.security.core.userdetails.UserDetails
import org.springframework.security.ldap.userdetails.UserDetailsContextMapper
import java.lang.UnsupportedOperationException

class LdapUserDetailsContextMapper(private val userRepository: UserRepository) : UserDetailsContextMapper {
class LdapUserDetailsContextMapper(
private val userRepository: UserRepository,
roleMappings: Map<String, Role>
) : UserDetailsContextMapper {

private val log = LoggerFactory.getLogger(this::class.java)
private val mappings = roleMappings.mapKeys { "ROLE_" + it.key.toUpperCase() }

override fun mapUserToContext(user: UserDetails?, ctx: DirContextAdapter?) {
throw UnsupportedOperationException()
}

val mapping = mapOf("ROLE_SHIP_CREW" to Role.ADMIN)

override fun mapUserFromContext(ctx: DirContextOperations?, username: String?, authorities: MutableCollection<out GrantedAuthority>?): UserDetails {
val roles = mutableListOf<Role>()

authorities?.forEach {
val role = mapping[it.authority]
val role = mappings[it.authority]
if (role != null) {
roles.add(role)
}
}

val user = userRepository.findByUsernameIgnoreCase(username!!).orElseGet { userRepository.save(User(username)) }
log.debug("Logging in ${user.username} with roles $roles")
return AppUser(user, roles)
}
}
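Review bot: `roleMappings.mapKeys { "ROLE_" + it.key.toUpperCase() }` on the new `mappings` property upper-cases with the JVM default locale, so a configured key such as `admins` would not match on a Turkish-locale JVM (`i` becomes `İ`) and the user would silently end up with no role; use `it.key.toUpperCase(Locale.ROOT)` (with `java.util.Locale` imported). The same `mapKeys` also folds two configured keys that differ only in case into one entry without any notice, which deserves at least a log line at construction. The `ROLE_` plus upper-case key shape appears to rely on the default behaviour of Spring's LDAP authorities populator, which is not visible here; a comment on that line such as `// keys are normalised to match Spring's default "ROLE_" + upper-cased group name authorities` would make the dependency explicit. `mapUserFromContext` ends at the hunk's last line.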
@@ -8,10 +8,6 @@ enum class Role(private val auth: String, private vararg val inheritedRoles: Rol
TEACHER(Authority.ROLE_TEACHER, STUDENT),
ADMIN(Authority.ROLE_ADMIN, TEACHER, STUDENT);

companion object {
fun fromString(authority: String): Role = values().first { it.authority == authority }
}

override fun getAuthority(): String = auth

val allAuthorities get() = listOf(this, *inheritedRoles).map { it.auth }
@@ -1,6 +1,7 @@
package de.code_freak.codefreak.config

import de.code_freak.codefreak.auth.AuthenticationMethod
import de.code_freak.codefreak.auth.Role
import org.springframework.boot.context.properties.ConfigurationProperties
import org.springframework.context.annotation.Configuration

@@ -17,6 +18,7 @@ class AppConfiguration {
val traefik = Traefik()
val latex = Latex()
val frontend = Frontend()
val ldap = Ldap()

class Frontend {
/**
@@ -84,5 +86,10 @@ class AppConfiguration {

class Ldap {
var url: String? = null
var roleMappings: Map<String, Role> = mapOf()
var userSearchBase = "ou=people"
var userSearchFilter = "(uid={0})"
var groupSearchBase = "ou=groups"
var groupSearchFilter = "member={0}"
}
}
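Review bot: The new `Ldap` class carries no KDoc, while the sibling `Frontend` class in the same file documents its properties (the `/**` just before the second hunk), so `roleMappings` and `url` are undocumented even though they decide which directory groups become `ADMIN`. Suggest `/** Maps an LDAP group name to the application role it grants; groups without a mapping grant nothing. */` on `roleMappings`, and on `url` a KDoc stating that the value must include the base DN (e.g. `ldaps://ldap.example.org/dc=example,dc=org`, a constructed sample) and is required whenever LDAP authentication is enabled. That KDoc should also say that a plain `ldap://` URL sends the user's bind credentials unencrypted unless the server upgrades the connection with StartTLS. The enclosing `AppConfiguration` class starts outside the hunk.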
@@ -56,12 +56,12 @@ class SecurityConfiguration : WebSecurityConfigurerAdapter() {

private fun configureLdapAuthentication(auth: AuthenticationManagerBuilder?) {
auth?.ldapAuthentication()
?.userDetailsContextMapper(LdapUserDetailsContextMapper(userRepository))
?.userSearchBase("ou=people")
?.userSearchFilter("(uid={0})")
?.groupSearchBase("ou=people")
?.groupSearchFilter("member={0}")
?.userDetailsContextMapper(LdapUserDetailsContextMapper(userRepository, config.ldap.roleMappings))
?.userSearchBase(config.ldap.userSearchBase)
?.userSearchFilter(config.ldap.userSearchFilter)
?.groupSearchBase(config.ldap.groupSearchBase)
?.groupSearchFilter(config.ldap.groupSearchFilter)
?.contextSource()
?.url("ldap://10.12.12.100:389/dc=planetexpress,dc=com")
?.url(config.ldap.url ?: throw IllegalStateException("LDAP URL has not been configured"))
}
}
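Review bot: `config.ldap.url ?: throw IllegalStateException("LDAP URL has not been configured")` inside the `?.url(...)` call is the idiomatic place for `checkNotNull`, which throws the same exception type and reads as a precondition: `?.url(checkNotNull(config.ldap.url) { "LDAP URL has not been configured" })`. Separately, the context source is built with no `managerDn`/`managerPassword`, so the user and group searches appear to run under an anonymous bind, which only works if the directory permits anonymous search of `userSearchBase` and `groupSearchBase`; if that is intended it deserves a comment, otherwise the `Ldap` configuration class should expose the bind credentials. `configureLdapAuthentication` is complete within the hunk; the enclosing `SecurityConfiguration` class starts outside it.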
